VulnHub

Researchers have identified a serious security flaw in GitHub.com and GitHub Enterprise Server, designated CVE-2026-3854, which could enable an authenticated user to execute arbitrary code remotely with just a single 'git push' command. This command injection vulnerability has a CVSS score of 8.7, indicating its severity. If exploited, it could allow attackers with repository push access to take control over affected systems. This issue affects both individual developers and organizations using GitHub for version control, highlighting the need for immediate awareness and action. Users are advised to monitor their repositories closely and apply any recommended patches as they become available.

A Brazilian cybercrime group known as LofyGang has returned after a three-year hiatus, launching a campaign targeting Minecraft players through a malware called LofyStealer, also referred to as GrabBot. This malicious software is disguised as a Minecraft hack named 'Slinky' and uses the official game icon to trick users into executing it. Once installed, LofyStealer can steal sensitive information from the victim's device. This resurgence is concerning for the gaming community, as it shows that cybercriminals are still active and adapting their tactics to exploit popular platforms. Players need to be cautious about downloading third-party software, especially those that claim to enhance game performance or functionality.

A new security incident has emerged involving the malicious elementary-data package version 0.23.3, which has been found to steal sensitive developer information and cryptocurrency wallet credentials. The attack took advantage of a flaw in GitHub Actions scripts, allowing the attacker to inject shell code that exposed a GitHub token. This means that anyone using this version of the package could be at risk, potentially compromising their projects and financial assets. Developers and organizations using this package need to take immediate action to secure their systems and prevent unauthorized access to their data. The incident serves as a reminder of the vulnerabilities that can arise in software development environments, particularly when integrating third-party packages.

Vimeo has confirmed that it experienced a data breach affecting user and customer information. The ShinyHunters group claims to possess stolen files and is demanding a ransom to prevent them from leaking this data. This breach raises concerns about the security of Vimeo's platform and the potential exposure of sensitive user information. Affected individuals may face risks such as identity theft or unauthorized access to their accounts. Vimeo's response to the ransom demand and their plans for securing user data will be critical in addressing the fallout from this incident.

Udemy, a popular e-learning platform, has reportedly suffered a data breach involving more than 1.4 million user records. The ShinyHunters group, known for extortion tactics, claimed responsibility and is threatening to release the stolen data if Udemy does not engage in negotiations by April 27. This breach raises concerns for users about the potential exposure of personal information, which could lead to identity theft or phishing attacks. Companies like Udemy need to take swift action to protect their users and secure their systems against further attacks. The incident highlights the ongoing risks that online platforms face from cybercriminals seeking to exploit vulnerabilities for profit.

A new scam is targeting users through fake CAPTCHA challenges on typosquatted domains that impersonate telecommunications brands. When users unknowingly visit these fraudulent sites, they may be prompted to complete a CAPTCHA, which is part of a scheme to steal personal information and drain bank accounts. This attack relies on social engineering tactics to trick individuals into providing sensitive data. As a result, victims could face significant financial losses and identity theft. This incident serves as a reminder for users to be cautious when entering personal information online and to verify website URLs before engaging with them.

Checkmarx, a company specializing in application security, has confirmed that their private GitHub repository was breached by the LAPSUS$ hacking group. The stolen data has now been leaked online, raising concerns about the security of sensitive information held by the company. This incident not only affects Checkmarx but may also impact its clients and partners who rely on its services for secure software development. The leak emphasizes the ongoing risks associated with storing code and data in cloud repositories, particularly when they are targeted by sophisticated threat actors. As the situation develops, companies using similar platforms should remain vigilant and review their security measures to prevent similar breaches.

Researchers have discovered over 70 cloned Open VSX extensions that are believed to be designed to distribute the GlassWorm malware. These extensions, which mimic legitimate ones, may act as sleeper agents waiting to infect users. This incident poses a significant risk to developers and users who rely on the Open VSX platform for software development, as these malicious extensions could compromise their systems and data. Users are urged to be cautious and verify the authenticity of any extensions they download. This situation raises concerns about the security of extension marketplaces and the potential for widespread malware distribution through seemingly harmless tools.